Department of Homeland Security
Office of Inspector General

TSA's Breach of Sensitive Security Information

(Redacted)

OIG-10-37    January 2010

Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528

January 25, 2010

Preface

The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978. This is one of a series of audit, inspection, and special reports prepared as part of our oversight responsibilities to promote economy, efficiency, and effectiveness within the department.

This report is in response to a request from the DHS Secretary. It addresses the circumstances, events, and actions surrounding the review, public posting, and discovery of unredacted Sensitive Security Information in a document on the internet, and identifies weaknesses in the department’s policies and oversight for handling Sensitive Security Information. It is based on interviews with employees and officials of relevant components and offices; direct observations; and a review of applicable documents and databases.

The recommendations herein have been developed to the best knowledge available to our office, and have been discussed in draft with those responsible for implementation. We trust that this report will result in more effective, efficient, and economical operations. We express our appreciation to all who contributed to the preparation of this report.

Richard L.
Skinner
Inspector General

Table of Contents/Abbreviations

Executive Summary
Background
Results of Review
    Roundtable Discussion Used in Lieu of Three-Stage Review Process
    OSSI Policies and Procedures do not Advise Employees on Handling and Releasing Redacted SSI Documents
    Failure to Follow OSSI Procedures Resulted in an Improper Document Redaction
    TSA Actions to Support the Montana Airport Solicitation Faced a Number of Challenges
    SSI Security Breach Discovered
Conclusion
    Recommendations, Management Comments, and OIG Analysis

Appendices
    Appendix A: Scope, Purpose, and Methodology
    Appendix B: TSA Comments to the Draft Report
    Appendix C: Chief Privacy Officer Comments to the Draft Report
    Appendix D: Evolution and History of the Redacted Screening Management SOPs
    Appendix E: The SSI Review Analyst SOP Checklist and Style Guide
    Appendix F: Office of SSI Transmission Email of Redacted Screening Management SOP to the Screening Partnership Program Office
    Appendix G: Office of SSI Transmission Memorandum of Redacted Screening Management SOP to the Screening Partnership Program Office
    Appendix H: Security Screening Standard Operating Procedures Sensitive Security Information
    Appendix I: Inventory of SSI Documents and Proper Handling Guidance
    Appendix J: Major Contributors to this Report
    Appendix K: Report Distribution

Figures
    Figure 1: Visually Redacted and Redacted Document Creation
    Figure 2: Chronology of Security Breach Discovery

Abbreviations
    ACQ              Office of Acquisitions
    DHS              Department of Homeland Security
    FedBizOpps.gov   Federal Business Opportunities’ website
    OIG              Office of Inspector General
    OIT              Office of Information Technology
    OSO              Office of Security Operations
    OSSI             Office of Sensitive Security Information
    PDF              Portable Document Format Adobe® Acrobat®
    PIA              Privacy Impact Assessment
    R                Redacted
    TSA              Transportation Security Administration
    SOPs             Standard Operating Procedures
    SPPO             Screening Partnership Program Office
    SSI              Sensitive Security Information
    STARS            SSI Tracking Audit and Review System
    VR               Visually Redacted

Executive Summary

At the request of the Secretary for the Department of Homeland Security, we reviewed the events surrounding the release of Sensitive Security Information contained in the Transportation Security Administration’s Screening Management Standard Operating Procedures. The Transportation Security Administration posted the document on March 3, 2009, and reposted it on March 16, 2009, to the Federal Business Opportunities, or FedBizOpps.gov, website, as part of a solicitation to privatize seven airports in the State of Montana. The objectives of our review were to determine how and why the release occurred, and whether management controls are in place and operational to ensure that a similar event would not recur.
We determined that for the two documents in question, the redactions were not applied properly, and appropriate quality control procedures were not in place to protect against inadvertent disclosure. Consequently, Sensitive Security Information was visible in a public document posted on the internet. The Transportation Security Administration is conducting an internal vulnerabilities assessment of the effect of the standard operating procedures disclosure.

Transportation Security Administration officials received email messages on December 5, 2009, advising of a potential Sensitive Security Information breach. These notifications were made by a Transportation Security Administration employee to the Office of Sensitive Security Information, several Transportation Security Administration Sensitive Security Information Coordinators, the Transportation Security Administration Contact Center, as well as an external entity, the United States Computer Emergency Readiness Team. At this time, we are unaware of what actions TSA took in response to these notifications.

On December 6, 2009, at 4:28 p.m., the Transportation Security Administration Blog Team also received an email message indicating that unredacted Sensitive Security Information in its Screening Management Standard Operating Procedures was on the internet and visible to the public. Transportation Security Administration senior leadership did not receive notification until December 6, 2009, at 8:40 p.m. After receiving notification, the Acting Administrator took immediate actions and began intermediate and long-term measures to mitigate vulnerabilities.
The Transportation Security Administration requested that the General Services Administration remove the website posting at 10:30 p.m. The General Services Administration removed the solicitation, including the Screening Management Standard Operating Procedures from FedBizOpps.gov. Appendix D reflects the evolution and history of the redacted Screening Management Standard Operating Procedures.

We are making five recommendations, one to the department’s Chief Privacy Officer, three to the Transportation Security Administration, and one is directed to both. In response to our draft report, the Transportation Security Administration and Chief Privacy Officer proposed plans and actions that, once implemented, will reduce a number of the deficiencies we identified.
The Transportation Security Administration and the Chief Privacy Officer concurred with all of our recommendations.

Background

To comply with the Aviation and Transportation Security Act of 2001, the Transportation Security Administration (TSA) established pilot projects at five airports where employees of qualified private companies, under TSA’s oversight, and in compliance with federal regulations, policies, guidance, and Standard Operating Procedures (SOPs), would perform passenger and baggage screening.[1] The law required that those contract screeners meet all the requirements applicable to federal screeners and the program be established no later than November 19, 2002. To satisfy the Act’s requirement, TSA entered into contracts for pilot programs at the following airports:

    • San Francisco International Airport
    • Kansas City International Airport
    • Greater Rochester International Airport
    • Jackson Hole Airport
    • Tupelo Regional Airport

To meet all the requirements applicable to federal screeners, private contract companies proposing to undertake and perform these duties would need information concerning airport Screening Management SOPs. These procedures contain Sensitive Security Information (SSI). SSI is a specific category of sensitive but unclassified information restricted from public disclosure.
There are 16 categories of information relating to transportation security that constitute SSI. TSA's SSI regulation establishes certain requirements for the handling and dissemination of SSI, including restrictions on disclosure, and also establishes that unauthorized disclosure is grounds for civil penalties and other enforcement action.[2] The Government Accountability Office said in its November 2007 letter report to Senators Byrd and Price that “According to TSA, SSI may be generated by TSA, other DHS agencies, airports, aircraft operators, and other regulated parties when they, for example, establish or implement security programs or create documentation to address security requirements.”[3]

[1] Public Law 107-71, § 108.

Although the privatized screening pilot projects ended in November 2004, the Act includes a provision to expand the pilot program. As a result, other airport operators wanted to pursue privatized screening and TSA created the Screening Partnership Program Office (SPPO), within the Office of Security Operations (OSO), to perform and facilitate this function. Airport operators have been able to apply to SPPO to use private screeners since November 2004.
As of January 2010, private contract screeners are in place at nine domestic airports.

Prior to a 2007 solicitation for requests for proposals to implement privatized screening at the Key West Airport, TSA required potential vendors to sign a nondisclosure agreement before providing the SSI Screening Management SOPs via its SPPO web-board. The web-board controlled access via login/password to vendor personnel who had submitted a signed nondisclosure agreement.

TSA officials reported to us that over time, TSA’s Office of Privacy and the Office of Chief Counsel’s Information Law branch informed SPPO and the Office of Acquisitions (ACQ) that the program’s prior process for vetting vendors, which included completion of a nondisclosure agreement, violated their privacy rights. TSA does not have a Privacy Impact Assessment (PIA) in place for the collection of personally identifiable information provided through the nondisclosure agreements. A PIA is a comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information. It also defines the measures used to mitigate and, wherever possible, eliminate the identified risks. A PIA also communicates to the public how their privacy is protected and their information kept confidential and secure from unauthorized access.

[2] 49 C.F.R. Part 1520.
[3] GAO-08-232R Transportation Security Administration Processes for Designating and Releasing Sensitive Security Information, November 30, 2007.

Because of the concerns raised by the Offices of Privacy and Chief Counsel, TSA released the solicitation to implement privatized screening at the Key West Airport with limited information, did not have vendors sign a nondisclosure agreement, and did not release the SSI Screening Management SOPs. After the contract award, one vendor that had proposed to undertake and perform these duties at Key West Airport conveyed to TSA that not having access to SSI Screening Management SOPs placed them at a disadvantage, as other vendors had those documents through previously signed nondisclosure agreements.

In reviewing the Key West solicitation, the Offices of Chief Counsel and ACQ determined that TSA provided too little information and risked receiving an award protest. The expressed view was that incumbent contractors who already possessed the Screening Management SOPs would have an unfair advantage. To accommodate the information needs of potential vendors, and to discontinue the use of nondisclosure agreements, TSA officials we spoke with said that the Office of Sensitive Security Information (OSSI) suggested that SPPO include a redacted version of the Screening Management SOPs when releasing information in a request for proposal. We were told there was not a redacted version of the Screening Management SOPs at that time.
In June 2008, SPPO requested that OSSI perform a review of the TSA Screening Management SOPs, Aviation Security Screening Management Standard Operating Procedures.[4]

Submission and Review of the Screening Management SOPs

SSI Review Request

OSSI is the SSI program manager for TSA. On June 23, 2008, SPPO submitted TSA’s Screening Management SOPs to OSSI for review. In the SSI review request form, an SPPO official asked for “a review that identified specific SSI within the submitted record(s) so that the text can be either redacted (covered by black boxes) or visually redacted (highlighted).”

OSSI received and entered the SSI review request into its system on June 24, 2008. OSSI uses an automated system to process and track SSI review requests, called the SSI Tracking Audit and Review System (STARS). As noted on the request form, SPPO requested an expedited review of the Screening Management SOPs. Rather than the five to ten business days OSSI requires to complete a review, SPPO officials requested that OSSI complete the review by June 30, 2008, or four business days after OSSI entered the initial request into STARS.

[4] Aviation Security, Screening Management Standard Operating Procedures; Revision 3; May 28, 2008, Implementation date: June 30, 2008. (SSI)

Requests for Extension

After receipt of the initial review request, email correspondence between OSSI and SPPO indicates that OSSI twice communicated its inability to meet the expedited timeline of June 30, 2008.
In an email message to SPPO dated June 26, 2008, OSSI program staff acknowledged that the office required an adjusted due date of July 3, 2008, because of the absence of key personnel.

On July 2, 2008, OSSI program staff again sent an email message to SPPO that indicated OSSI would be unable to meet the July 3, 2008, deadline. OSSI staff requested a readjusted timeline to perform their analysis. As explanation for this readjusted timeline, an OSSI senior official cited the need for a roundtable discussion, as well as additional support from OSSI subject matter experts on proposed redactions.

Three-Stage Review Process

According to The SSI Review Analyst SOP Checklist and Style Guide, located in Appendix E of this report, OSSI conducts most of its SSI reviews in a 3-stage review process. The first stage consists of a comprehensive SSI review of the material, including marking proposed redactions and providing accompanying citations to justify those redactions. These markings and citations are applied to the document by the first OSSI reviewer. Then the first reviewer’s comments are subsequently reviewed by OSSI staff in the second and third stage reviews.

The second stage review requires a comprehensive review of the material as though it was the first review, except the OSSI analyst also critically examines the first reviewer’s markings. The second reviewer can either agree with the first reviewer’s proposed redactions, or mark corresponding sections in which redactions need adjustment. These markings and citations are also applied to the document by the second reviewer.

In the third and final stage, a senior OSSI analyst must perform the final review. As the final decision-making authority for the determination and review of SSI material in the document, the third OSSI reviewer resolves discrepancies in markings between the first and second reviewers.
In addition, the third reviewer may choose to schedule a roundtable discussion with relevant reviewers and subject matter experts to discuss proposed SSI redactions.

Results of Review

When TSA learned that SSI was publicly available, it took immediate actions and began intermediate and long-term measures to mitigate vulnerabilities. In reviewing the events and circumstances surrounding the SSI release, we determined that OSSI’s failure to follow its procedures resulted in an improper redaction of SSI. In addition, TSA actions to support the solicitation to privatize seven airports in the State of Montana faced a number of challenges, including several amendments to the solicitation, and concerns that the Screening Management SOPs attachment was not marked properly. Further, TSA and the department’s internal controls for reviewing, redacting, and coordinating the protection of SSI are deficient.

Roundtable Discussion Used in Lieu of Three-Stage Review Process

OSSI officials described the roundtable discussion method as an exception to the 3-stage review process for reviewing documents for SSI content, but they contend that it is just as rigorous. OSSI uses it in limited circumstances, such as for complex documents or expedited review of documents not previously reviewed for redaction.

Due to the expedited nature of the review request, and because the Screening Management SOPs had not been reviewed for redaction of SSI before, at 1:00 p.m. on July 7, 2008, OSSI convened a roundtable discussion.
In addition, the roundtable discussion allowed OSSI officials with subject matter expertise to collaborate on proposed redactions. During our review, we identified possible data integrity issues with the data contained in the STARS database. For example, according to STARS, there were four OSSI participants present at the roundtable discussion; however, evidence indicates that there may have only been three OSSI staff participants.

For the roundtable discussion, OSSI officials reviewed printed copies of the Screening Management SOPs and other relevant materials

During the roundtable discussion, the participants agreed upon the redactions required in the Screening Management SOPs. At the conclusion of the meeting on July 7, 2008, the document was designated as having undergone final review. One participant in the roundtable discussion was tasked with completing the technical process of creating the redacted documents and delivering the documents to SPPO.

OSSI Policies and Procedures do not Advise Employees on Handling and Releasing Redacted SSI Documents

While TSA has policies and procedures for managing SSI, these policies and procedures do not include requirements for handling and releasing printed or electronically redacted documents. Each TSA Assistant Administrator and Federal Security Director must designate at least one SSI Coordinator for their functional area of responsibility. An SSI Coordinator assists OSSI with SSI matters, including assisting personnel with the appropriate use, application, and marking of SSI.
TSA’s policies and procedures should include detailed guidance as well as instruction on proper controls for the handling and release of redacted SSI material.

TSA officials reported to us that the TSA Online Learning Center features a Sensitive Security Information (SSI) Awareness course available to all TSA employees and is required as part of TSA’s annual training requirements for employees who handle SSI documents. After our review of this training course, we determined that this training does not contain instruction on handling redacted SSI material, the process of consulting with SSI coordinators, or discussion of any other quality control steps prior to the release of redacted information outside of DHS.

The Password Protection for Electronic Transmission and Storage of SSI Records policy, dated September 29, 2006, requires authorization by the TSA Information Technology Security Office to post SSI material on secure portals, websites, or applications without passwords. The policy titled Posting Material on the TSA Internet pertains to information that is intended to be posted on TSA’s website. Requirements include certification by an employee that the material does not contain SSI. Either OSSI or the employee’s SSI Coordinator must review content that causes the employee uncertainty regarding its sensitivity. In addition, the employee must complete an Internet Posting Request form certifying that the material, whether a printed version of the electronic document or the html code posted on the internet, does not contain SSI.
TSA should revise its SSI policies to advise employees on the creation of electronically redacted documents, and provide instructions on the proper posting of redacted information on unsecured internet sites.

An OSSI senior official told us that OSSI is not culpable for the release of SSI information by TSA employees. According to the OSSI senior official, current policies and procedures do not compel TSA employees to vet or request the assistance of OSSI in performing redactions and release of SSI. Should TSA agree with these statements, stronger internal controls are necessary.

Failure to Follow OSSI Procedures Resulted in an Improper Document Redaction

As described in The SSI Review Analyst SOP Checklist and Style Guide, SSI reviews can result in two types of products that are returned to requesting officials. On the SSI review request form, SPPO specifically requested the creation of both a visually redacted (VR) version as well as a redacted (R) version of the Screening Management SOPs. A VR version is a document in which SSI material has been identified and highlighted, and sensitive text is still visible to the requesting program official. An R version of a document contains the same redactions; however, in the R version the highlights are filled in so that sensitive material has been obscured from view. The R version of a final document is created directly from the VR version, and redactions in the two documents should be identical.

Redaction and Delivery of Document

Following the roundtable discussion on July 7, 2008, the agreed upon redactions were applied to the documents. According to STARS, OSSI program staff finalized the documents at 2:47 p.m.
At 3:03 p.m., OSSI delivered the documents to SPPO via an email. The email contained both the VR and R versions of the document as well as a transmittal memorandum describing the authority by which such information had been withheld. Refer to Appendices F and G for a copy of the email and memorandum. Even though OSSI redacts the SSI header and footer in the R version, these markings were still visible when transmitted to SPPO. The identified SSI content within the document, however, was covered by black redaction boxes.

In our discussions with senior OSSI staff, they believed that the OSSI guide’s step-by-step directions would result in a secure or “locked down” image file, and that the text under the black redaction boxes is not visible or retrievable. By their account, the process of creating an R version of an SSI document allows TSA to share information publicly and as broadly as possible without divulging SSI.
OSSI used [redacted] to perform redaction of the Screening Management SOPs.

In [redacted] the key step to ensure that document contents cannot be either manipulated or retrievable is to check [redacted]. Officials from the Offices of OSSI and TSA’s Office of Information Technology (OIT) reported to us that OSSI did not consult with OIT prior to the December 6, 2009, breach to ensure that the redaction process as written in The SSI Review Analyst SOP Checklist and Style Guide resulted in a locked down image of the document where text under the black redaction boxes is not visible or retrievable. The OSSI guide’s step-by-step directions to create VR and R versions are depicted in Figure 1.

[5] [redacted] software program, which views, creates, manipulates and manages files in [redacted] a file format that allows for cross-platform electronic information exchange.

Figure 1: Visually Redacted and Redacted Document Creation

Source: OIG Analysis of The SSI Review Analyst SOP Checklist and Style Guide

TSA officials said that for the redacted information in the Screening Management SOPs to be visible, OSSI staff did not check [redacted] for the R version. Further, OSSI staff should have realized the error upon performing the text search step, which serves as OSSI’s only quality control feature to ensure redactions are applied correctly. A
A secondary check by another OSSI staff member could have identified the error, but this procedure was not in place and did not occur prior to distribution of the VR and R documents from OSSI to SPPO.

As we depict in Figure 1, our review of the Screening Management SOPs determined the steps used to create a redacted document could lead to confusion. Instructions in The SSI Review Analyst SOP Checklist and Style Guide on redacted document naming are ambiguous and could lead to improper redaction and inadvertent SSI disclosure. Once OSSI personnel are finished creating the VR version, the instructions direct the creation of two R version documents that look identical, yet only one is properly redacted [redacted]. With two documents having the same nomenclature, OSSI could potentially send the R version that is not properly locked down [redacted] and the recipient would be unaware that redacted information is retrievable. Given OSSI’s procedures, there is a high chance of failure to select the properly redacted version. OSSI could have eliminated this potential failure by restructuring the nomenclature into three distinct file names.

Sending the VR and R to the Requestor

The transmittal memorandum accompanying the two documents indicated both documents were password protected.
The memorandum further instructed the recipient that for external distribution of these files, the recipient is to either use a printed copy or, in the case of the password protected file, re-save the file with an idiosyncratic password that meets TSA’s password requirements.6 The transmittal memorandum also advised SPPO of OSSI’s availability to answer any questions related to the redacted documents. When we opened the same documents sent to SPPO, the VR version included password protection.

On August 15, 2008, SPPO staff returned the redacted Screening Management SOPs in an email message to an OSSI staff member stating that SPPO wants to release the SOPs. In this message the SPPO staff member also said that he or she believed that the “header footer” needed to be marked out.
We have made a request for additional documentation to further analyze the communications between these two individuals. This was OSSI’s first opportunity to realize the document was not properly redacted.

6 According to the TSA Sensitive Security Information Policy and Procedure Guide, to electronically transmit SSI material via email, all passwords must follow a prescribed standard format as determined in the policy.

Although not the focus of our review, when OSSI produces a locked down [redacted] document using its internal policy, these documents do not appear to be in compliance with DHS’ Management Directive, Section 508 Program Management Office & Electronic and Information Technology Accessibility. To be 508 compliant, non-redacted text must be searchable, and OSSI’s creation of a locked down [redacted] does not allow assistive technology to access non-redacted text. Because this issue is outside the scope of our review, once immediate concerns of the SSI breach have been resolved, TSA should conduct an analysis of OSSI’s 508 compliance.

OSSI’s Three-Stage Review Processes Warrant Further Review

OSSI’s procedures instruct reviewers to use a color-coded system to distinguish the different levels of review for a document. Each level of review is assigned a distinctive color to use when marking SSI content identified in a document.
Therefore, the third-stage reviewer could see two different colors marking which level of review identified particular SSI content.

According to some OSSI program staff, the color-coded boxes used by analysts to distinguish the various review stages and redactions may have been applied inconsistently in other OSSI redaction reviews. This potential inconsistency and confusion over procedures is outside of our current scope, but should be reviewed in the future to ensure the integrity, designation, and proper protection of SSI.

TSA Actions to Support the Montana Airport Solicitation Faced a Number of Challenges

Posting of Solicitation to Federal Business Opportunities Website

There was a significant time gap between the August 15, 2008, email and the initial posting of the request for proposal on February 7, 2009. Although we have been unable to determine the exact cause of the gap, several TSA officials told us there were organizational and staff changes in offices involved in the procurement during this timeframe, as well as delays in funding and program decisions.

On February 7, 2009, TSA’s ACQ posted solicitation Number HSTS05-09-R-SPP061 on FedBizOpps.gov. FedBizOpps.gov lists notices of proposed government procurement actions, contract awards, sales of government property when the value is greater than $25,000, and other procurement information. Solicitation HSTS05-09-R-SPP061 disclosed that TSA intended to solicit industry to provide transportation security screening services at seven Montana airports, to include comprehensive screening of passengers and baggage.
The initial posting did not include the Screening Management SOPs.

On February 13, 2009, ACQ staff posted Amendment 1 to FedBizOpps.gov. Amendment 1 provided industry with the time of the Pre-Proposal Conference at TSA headquarters and changed the date for potential bidders to submit questions. Amendment 1 did not include the posting of the Screening Management SOPs.

Concerns Surfaced that the Solicitation Did Not Include the Screening Management SOPs

As the posted solicitation on February 7, 2009, and Amendment 1 on February 13, 2009, did not include the Screening Management SOPs, there were discussions within TSA to get the SOPs posted. ACQ staff said they would have included the Screening Management SOPs as an attachment to the February 7, 2009 solicitation, but they had failed to do so because SPPO had not submitted it with other procurement documents. On February 26, 2009, ACQ and SPPO staff discussed whether to include the Screening Management SOPs with a new amendment to the solicitation.

These conversations resulted in a decision to provide a redacted Screening Management SOPs to ensure potential bidders had access to the necessary information to create meaningful proposals in response to the solicitation. SPPO coordinated with the OSO Procedures Branch on the afternoon of February 26, 2009, to determine whether the SOPs had undergone significant updates since the SSI review in July 2008. Shortly after SPPO’s request, the Procedures Branch provided SPPO with a summary of updates between the current Screening Management SOPs and the redacted version provided by SPPO. As these changes were determined to be insignificant, the SPPO made the decision to move forward with the redacted version, and at 4:52 p.m.
on February 26, 2009, SPPO forwarded what was thought to be a redacted Screening Management SOPs to ACQ. Our review of the document determined that the SSI header and footer markings on this document were not redacted, although the identified SSI content within the document was covered by black boxes.

ACQ staff posted Amendment 2 to FedBizOpps.gov on March 3, 2009. Amendment 2 replaced the existing Solicitation Table of Contents, changed the date for questions or requests for clarification submittals, changed the due date for proposal submissions, and added the Screening Management SOPs as attachment J-15. This is the first posting of the Screening Management SOPs to FedBizOpps.gov. Interviews with staff from SPPO and ACQ revealed that neither SPPO nor ACQ performed any check of the electronic document to ensure the redactions were applied correctly. Both SPPO and ACQ staff believed it was OSSI’s responsibility to provide a fully protected document.

Additional Concerns Raised That the Screening Management SOPs Attached to the Solicitation Was Improperly Marked

On March 10, 2009, SPPO staff received notification that the redacted Screening Management SOPs loaded to FedBizOpps.gov still had the SSI header and footer markings, even though the document was reportedly fully redacted. The SPPO personnel notified ACQ staff about the improperly marked SOP. ACQ personnel acknowledged that the markings were visible and should be blacked out. ACQ staff said that the visible marking would cause some concern even though there was no visible SSI in the document.

Dialogue continued between ACQ and SPPO personnel concerning adding a new amendment to the solicitation with a correctly marked version of the SOPs.
ACQ personnel asked SPPO staff for a point of contact from the office that controls the SOPs to solicit guidance. The SPPO advised ACQ personnel to seek guidance from OSSI. OSSI senior staff instructed ACQ personnel to publish a new version of the document with the visible SSI header and footer markings blacked out, but stated that no harm was done. ACQ staff explained again that there did not appear to be any sensitive information in the document, and OSSI acknowledged their statement and thanked ACQ staff for the briefing.

Further evidence shows that on the afternoon of March 13, 2009, ACQ transmitted an electronic version of the July 7, 2008, redacted SOP for correction to OSSI. Later that afternoon, OSSI senior contract staff transmitted a modified version of the July 7, 2008, redacted SOP to ACQ. Our preliminary analysis of this modified SOP demonstrates that the SSI header and footer markings were redacted properly. However, the black box redactions were not properly locked down, meaning the text under the black boxes would remain visible should the boxes be moved. Thus, OSSI did not perform its own quality control procedures to ensure the Screening Management SOPs were locked down.
This was OSSI’s second opportunity to realize the document was not properly redacted.

ACQ staff posted the modified July 7, 2008, redacted SOP as part of Amendment 3 to FedBizOpps.gov solicitation on March 16, 2009. Amendment 3 included changing the ACQ solicitation point of contact, and providing government responses to bidders’ questions in PDF format; government changes to request for proposal in response to bidder questions in PDF format; a slide presentation from Pre-Proposal Conference in PDF format; and what was thought to be a fully redacted Screening Management SOPs document from Amendment 2 in PDF format.

SPPO Procurement Package Remains on Federal Business Opportunities After Contract Award

On August 24, 2009, TSA awarded the contract for screening management services at the seven Montana airports. According to FedBizOpps.gov personnel, after a procurement is complete, the information posted to support the solicitation is removed from active listings, but remains retrievable on FedBizOpps.gov. The information remains on the website for historical purposes and allows individuals to conduct market research regarding past government purchases. ACQ staff stated that Amendments 2 and 3 to the solicitation included the Screening Management SOPs, but also administrative procurement related documents. ACQ staff told us they believed the contents of the documents were properly redacted, therefore there was no need to remove them from FedBizOpps.gov. As a result, the Screening Management SOPs were archived with the other procurement related documents.

SSI Security Breach Discovered

TSA officials received email messages on December 5, 2009, advising of a potential SSI breach.
These notifications were made by a TSA employee to OSSI, several TSA SSI Coordinators, the TSA Contact Center, as well as an external entity, the United States Computer Emergency Readiness Team. At this time, we are unaware of what actions TSA took in response to these notifications.

On December 6, 2009, at 4:28 p.m., the TSA Blog Team received an email indicating that redacted SSI in TSA’s Screening Management SOPs was on the internet and visible to the public. Figure 2 reflects TSA’s senior leadership actions in response to the Blog Team notification.

Figure 2: Chronology of Security Breach Discovery

Source: OIG Analysis of TSA Information

TSA Actions in Response to the SSI Security Breach

In response to the notification of the improperly redacted Screening Management SOPs on the internet, TSA’s Acting Administrator implemented a number of immediate actions and formulated intermediate and long-term plans to mitigate vulnerabilities.
Some of these actions include:

• Directing that all screening SOPs are to be marked and handled as SSI in entirety until further review.
• Conducting an inventory of all SSI documents and directing development of specific handling guidance.
• Directing ACQ to review all other FedBizOpps.gov postings for SSI and take down any SSI documents.
• Directing OSO to complete a full review of the SOP that was leaked and advise of any additional enhancements to security operations that should be made.
• Conducting aggressive outreach to industry stakeholders and partners.

Refer to Appendices H and I for more detailed information on these December 8, 2009, actions. Also, to convey the level of importance of this incident, the Acting Administrator stated, “It was a failure that we take very seriously, but in the end, we will be a stronger organization and our security system will be even further enhanced because we have been through this crisis.”

Conclusion

Once TSA received notification that SSI in its Screening Management SOP was visible to the public, the Acting Administrator took a number of immediate, intermediate, and long-term actions to mitigate vulnerabilities. In reviewing the events and circumstances surrounding the SSI release, we determined that OSSI’s failure to follow its procedures resulted in an improper redaction of SSI.
In addition, TSA actions to support the solicitation to privatize seven airports in the State of Montana faced a number of challenges, including several amendments to the solicitation and concerns that the Screening Management SOPs attachment was not marked properly. Although the solicitation closed on August 24, 2009, the original request for proposal with all attached documents remained visible on the internet until the TSA Blog Team received notification of the breach on December 6, 2009.

We are concerned that an improperly redacted version of the SSI Screening Management SOPs passed through a number of TSA offices from June 7, 2008, to posting the document on FedBizOpps.gov on March 3, 2009, and again on March 16, 2009, without any internal procedures to determine whether the document was redacted properly. As a result, TSA and department internal controls for reviewing, redacting, and coordinating the protection of SSI are deficient. By implementing our five recommendations, TSA and the department will be positioned better to protect the handling, review, redaction, and dissemination of SSI.

Recommendations, Management Comments, and OIG Analysis

Recommendation #1: We recommend that the DHS Chief Privacy Officer convene a working group of information technology experts from across the department to determine a department-wide standard for redaction software, and to develop methods for the proper public release of any sensitive information. Ensure that any selected software meets the department-wide standards as determined by the working group.

Chief Privacy Officer Response: The Chief Privacy Officer concurs with Recommendation 1.
In December 2009, DHS’ Deputy Secretary established a senior level team, the DHS Information Security Working Group, to examine the department’s information security program protocols related to sensitive but unclassified information. The Chief Privacy Officer and the working group, which includes information technology, security, policy, privacy, and legal experts, have met several times and have instituted the planning necessary to take these steps.

TSA Response: TSA management responded that it will support all actions initiated in response to this recommendation.

OIG Analysis: The department’s proposed actions are responsive to the intent of the recommendation, which is resolved and open. This recommendation will remain open pending our receipt of the working group’s department-wide standard for redaction software, the methods developed for the proper public release of any sensitive information, and a determination that any software used for redaction meets the department-wide standards determined by the working group.

Recommendation #2: We recommend that the DHS Chief Privacy Officer, in coordination with the Acting Administrator for TSA, revise policies, procedures, and training materials to ensure that upon transmission or receipt of any redacted document, department senders and recipients are required to determine whether redacted information in the document is visible or retrievable. When redacted information is visible or retrievable, the sender and recipient must acknowledge to one another the document is not redacted and cannot be disseminated publicly.

Chief Privacy Officer Response: The Chief Privacy Officer concurs with Recommendation 2, and will coordinate with TSA’s Acting Administrator.
The Chief Privacy Officer notes that the Acting Administrator responded separately to us, and TSA will revise its procedures and training materials to include the proper handling of redacted materials to ensure they no longer contain sensitive information prior to public release. The Chief Privacy Officer responded that the DHS Information Security Working Group is coordinating the review and revision of policies, procedures, and training materials department-wide.

TSA Response: TSA management responded that it concurs with Recommendation 2. TSA will revise its procedures and training materials to include the proper handling of redacted materials to ensure they no longer contain sensitive information prior to public release.

OIG Analysis: The department’s proposed actions are responsive to the intent of the recommendation, which is resolved and open. This recommendation will remain open pending our receipt of TSA’s revised procedures and training materials to include the proper handling of redacted materials.

Recommendation #3: We recommend that the Acting Administrator for TSA ensure that upon the redaction of any Sensitive Security Information document, there is an independent quality control procedure to validate that redacted information is not visible or retrievable. The quality control reviewer is someone other than the person who performs and applies the redactions. The quality control reviewer is to search the document for known redacted text, and is to determine that no visible or retrievable information exists before subsequent transmission of the document can occur.

TSA Response: TSA management responded that it concurs with Recommendation 3.
TSA’s Sensitive Security Information Program Office has been realigned from the Office of the Special Counselor to the Office of Intelligence as the Sensitive Security Information Branch. Immediately following this incident, the Sensitive Security Information Branch has made one employee responsible for Quality Assurance reviews. Based upon the results of this inspection, TSA will make additional changes to the Quality Assurance position.

OIG Analysis: TSA’s proposed actions are responsive to the intent of the recommendation, which is resolved and open. This recommendation will remain open pending our receipt of TSA’s changes to the Quality Assurance position, which demonstrates there is an independent quality control procedure to validate that redacted information is not visible or retrievable.

Recommendation #4: We recommend that the Acting Administrator for TSA provide Sensitive Security Information recipients with handling and transmission instructions, which include details for external releases and password protection measures. Further, these instructions should be retained with the Sensitive Security Information document.

TSA Response: TSA management responded that it concurs with Recommendation 4. In addition to required annual training for TSA employees, TSA makes guidance available on the proper handling of SSI. This guidance will be updated to include handling, transmission, and external release instructions.

OIG Analysis: TSA’s proposed actions are responsive to the intent of the recommendation, which is resolved and open.
The recommendation will remain open pending our receipt of TSA’s revised guidance, which includes updated handling, transmission, and external release instructions.

Recommendation #5: We recommend that the Acting Administrator for TSA conduct an audit of the Sensitive Security Information Tracking Audit and Review System to ensure that intake, review, and dissemination of requests are accurate.

TSA Response: TSA management responded that it concurs with Recommendation 5. The TSA’s Acting Administrator has asked TSA’s Office of Inspection to conduct a program review on this matter.

OIG Analysis: TSA’s proposed actions are responsive to the intent of the recommendation, which is resolved and open. This recommendation will remain open pending our receipt of TSA’s Office of Inspection program review of the Sensitive Security Information Tracking Audit and Review System.

Appendix A
Scope, Purpose, and Methodology

In response to a request from DHS’ Secretary, we assessed the events and actions surrounding the review, public posting, and discovery of an unredacted SSI Screening Management SOPs document. Specifically, our objectives were to determine how and why the release occurred, and whether management controls are in place and operational to ensure that a similar event would not recur.

We interviewed representatives of multiple TSA offices, to include OSSI, the SPPO, ACQ, OIT, OSO, Office of Special Counselor, and the Office of Inspections.
In addition, we interviewed employees and officials of relevant offices, components, and entities external to TSA and DHS. We did not perform an analysis of OSSI’s assessment of what it considers SSI in the Screening Management SOP.

We also reviewed applicable legislation, regulations, directives, policies, operating procedures, databases, and official guidance, documents and manuals. In addition, we studied work previously performed by our office in this and associated areas, as well as the work conducted by the Government Accountability Office.

Our fieldwork occurred in December 2009. We initiated this review under the authority of the Inspector General Act of 1978, as amended, and according to the “Quality Standards for Inspections,” issued by the President’s Council on Integrity and Efficiency.

Appendix B
TSA Comments to the Draft Report

Appendix C
Chief Privacy Officer Comments to the Draft Report

Appendix D
Evolution and History of the Redacted Screening Management SOPs

Appendix E
The SSI Review Analyst SOP Checklist and Style Guide

Appendix F
Office of SSI Transmission Email of Redacted Screening Management SOP to the Screening Partnership Program Office

Appendix G
Office of SSI Transmission Memorandum of Redacted Screening Management SOP to the Screening Partnership Program Office

Appendix H
Security Screening Standard Operating Procedures – Sensitive Security Information

Appendix I
Inventory of SSI Documents and Proper Handling Guidance

Appendix J
Major Contributors to this Report

Marcia Moxey Hodges, Chief Inspector, Department of Homeland Security, Office of Inspector General, Office of Inspections

Angela Garvin, Senior Inspector, Department of Homeland Security, Office of Inspector General, Office of Inspections

McKay Smith, Inspector, Department of Homeland Security, Office of Inspector General, Office of Inspections

Anne Ford, Inspector, Department of Homeland Security,
Office of\n                    Inspector General, Office of Inspections\n\n                    Jordan Brafman, Inspector, Department of Homeland Security,\n                    Office of Inspector General, Office of Inspections\n\n                    Office of Inspector General, Office of Investigations, Washington\n                    Field Office\n\n                    Office of Inspector General, Office of Information Technology\n\n\n\n\n                       TSA\xe2\x80\x99s Breach of Sensitive Security Information\n\n                                          Page 50\n\x0cAppendix K\nReport Distribution\n\n                      Department of Homeland Security\n\n                      Secretary\n                      Deputy Secretary\n                      Chief of Staff for Operations\n                      Chief of Staff for Policy\n                      Deputy Chiefs of Staff\n                      General Counsel\n                      Executive Secretariat\n                      Director, GAO/OIG Liaison Office\n                      Assistant Secretary for Office of Policy\n                      Assistant Secretary for Office of Public Affairs\n                      Assistant Secretary for Office of Legislative Affairs\n                      Administrator for the Transportation Security Administration\n                      Chief Privacy Officer\n                      Under Secretary for Management\n                      TSA Audit Liaison\n                      Privacy Office Audit Liaison\n\n                      Office of Management and Budget\n\n                      Chief, Homeland Security Branch\n                      DHS OIG Budget Examiner\n\n                      Congress\n\n                      Congressional Oversight and Appropriations Committees, as\n                      appropriate\n\n\n\n\n                         TSA\xe2\x80\x99s Breach of Sensitive Security Information \n\n\n                                            Page 51 
\n\n\x0cADDITIONAL INFORMATION AND COPIES\n\nTo obtain additional copies of this report, please call the Office of Inspector General (OIG) at (202) 254-4100,\nfax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.\n\n\nOIG HOTLINE\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal\nmisconduct relative to department programs or operations:\n\n\xe2\x80\xa2 Call our Hotline at 1-800-323-8603;\n\n\xe2\x80\xa2 Fax the complaint directly to us at (202) 254-4292;\n\n\xe2\x80\xa2 Email us at DHSOIGHOTLINE@dhs.gov; or\n\n\xe2\x80\xa2 Write to us at:\n       DHS Office of Inspector General/MAIL STOP 2600,\n       Attention: Office of Investigations - Hotline,\n       245 Murray Drive, SW, Building 410,\n       Washington, DC 20528.\n\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c"